[refpolicy] Contribute chrome (sandbox) policy from Fedora to Refpolicy.
Sven Vermeulen
sven.vermeulen at siphos.be
Mon Jan 9 14:52:20 CST 2012
On Fri, Jan 06, 2012 at 12:25:56PM -0500, Daniel J Walsh wrote:
> Please review and Ack.
[...]
> +########################################
> +## <summary>
> +## Role access for chrome sandbox
> +## </summary>
> +## <param name="role">
> +## <summary>
> +## Role allowed access
> +## </summary>
> +## </param>
> +## <param name="domain">
> +## <summary>
> +## User domain for the role
> +## </summary>
> +## </param>
> +#
> +interface(`chrome_role_notrans',`
Since the module will be called chrome, I can imagine it wouldn't take long
before chrome is put in its own domain. For this reason, I'd try to keep the
_sandbox suffix wherever possible.
Perhaps chrome_role_notrans_sandbox ?
> +########################################
> +## <summary>
> +## Role access for chrome sandbox
> +## </summary>
> +## <param name="role">
> +## <summary>
> +## Role allowed access
> +## </summary>
> +## </param>
> +## <param name="domain">
> +## <summary>
> +## User domain for the role
> +## </summary>
> +## </param>
> +#
> +interface(`chrome_role',`
chrome_role_sandbox
> +########################################
> +## <summary>
> +## Dontaudit read/write to a chrome_sandbox leaks
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain to not audit.
> +## </summary>
> +## </param>
> +#
> + gen_require(`
> + type chrome_sandbox_t;
> + ')
> +
> + dontaudit $1 chrome_sandbox_t:unix_stream_socket { read write };
> +')
I'm missing the interface call here.
chrome_dontaudit_rw_unix_stream_sockets_sandbox?
> +ubac_constrained(chrome_sandbox_tmpfs_t)
I'm not certain, but if you mark this resource as ubac-constrained, doesn't
chrome_sandbox_t need to be marked as such as well? Same for
chrome_sandbox_nacl_t?
Wkr,
Sven Vermeulen
More information about the refpolicy
mailing list